I can safely say in the last 12 years or so I never had a computer virus (or malware) on my Windows computer. It’s not because I have some über anti-virus or setup that prevents viruses from being installed. It’s mostly due to how I modified my behavior as a computer user that prevented doing things that will allow viruses from being installed.
Since my first introduction to computer virus, I have always been interested in them. I think the best way to prepare for or defend against getting viruses is to understand them. Know your enemy, how computers get infected, and how they spread. Not only did I not have any viruses on my computer for about ~12 years, but I also didn’t have any anti-virus installed for the majority of that period. So how do I know if I had a virus or not if I never even checked to see if I had any viruses on my computer? Before I finally started using windows Free Security Essentials about four years ago, I would occasionally download (once or twice a year) free antiviruses like AVG and do a quick scan to see if everything is in order. Most modern viruses work in the background and stay there for all its life if you don’t actively do a scan. And even the best anti-virus doesn’t have 100% detection rate. Something else that made my life easier is that modern Windows OS are relatively safer and updated frequently, and the most common virus attack vector, web browsers are also much safer than they used to be.
So what did I do to minimize my chances of getting malware or viruses on my windows computer?
- Change my default browser to the one with the best reputation of being safe. Believe it or not, there was a time some people used to use IE not only because it was a default choice in their windows computer, but also because at one point it was the best browser out there, hands down. For whatever reason, they stopped maintaining that standard and a new better choice popped up (Firefox), then after few years an even better choice came along and I switched to that browser (Chrome). The point is, I tried to stick with the browser, that is most actively developed, updated, and most secured. If tomorrow, there is a better option, I will happily switch to that browser. There is no room for hero-worshipping or ideological support for a browser that doesn’t support and protect me best.
- Even though the browser is the most common vectors for viruses and malware out there. Plugins within the browsers are a major culprit. Unpatched flash/java plugins can make your computer a sitting duck to fly by viruses. It’s a good thing that at least with Chrome, these plugins are automatically updated to the latest version but it’s not enough to protect you from a 0-day vulnerability. So by default, I disable third-party plugins like java/flash, I even go a step further and disable all types of scripts from loading by default on my browser by using NoScript and Adblock. I only manually enable scripts and ads on sites I frequent, trust them, and want to support them (by disabling AdBlock). Do this and you are safe from 80% of malware/viruses out there (figuratively speaking).
- Virus makers are also part-time psychologists. They know how to convince most people to download their viruses. A successful virus is also a successful practice in social engineering. Some of the most successful and famous viruses convinced unaware users to download them. So to better prepare yourself from these social engineering, follow these simple rules:
- From an active security stand-point, always enable automatic update on your OS/browser/plugins/anti-virus.
- File sharing and downloading services are also a common and effective way to spread viruses. Try to avoid them if possible.
- If you must use anti-virus, there are very good free anti-viruses out there like free AVG or Microsoft security essential. Even though I have not installed any commercial AV in a long time I have always found them, resource-hungry, expensive, intrusive without necessarily making you more secure. I can’t tell you if things have gotten better, so your mileage may vary if you decide to go with a commercial option.
- If you must share your computer with someone else regularly or even that one time your friend wants to check out his Facebook status. Make sure you have a separate guest account for that.
1) If it sounds too good to be true, it probably is.
2) If you receive an attachment by email/IM/IRC from someone you know but wasn’t expecting. Ask them to verify that this is indeed sent by them and then do a scan before opening them.
You don’t need to be a security consultant or a computer geek to be safe from viruses and malware. Common sense plays a big role. Follow my tips and you should be safe. Do you have any unique strategy or tips (that doesn’t involve using another OS) that you use to stay virus-free on a windows computer? Do share in comments.